Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
America Online

Skirting AOL Checksumming -- Legally? 149

A less-than-anonymous coward pointed out an interesting story on NewsForge outlining a (hypothetical) system for avoiding AOL's occasional cutting-off of non-official clients. Whether this is particularly legal, or only hard to catch, is another question, but it sounds workable. Of course, wouldn't it be better to just use an actually open and extensible format instead?
This discussion has been archived. No new comments can be posted.

Skirting AOL Checksumming -- Legally?

Comments Filter:
  • by Anonymous Coward
    I agree, there is nothing illegal about downloading aim.exe from aols servers. You dont even need to give the user a path, it could be autodownloaded at installation time by your chat client.

    The idea of a hash server will fail, heres why: you CANT hash every block of arbitrary length data from the executable. This is like trying to create a unix password server that stores crypts of every password in a big table, or encrypting some data with every possible key and then searching through them. Theres just too many permutations!
  • by Anonymous Coward
    All AOL would need to do in order to defeat this method is mix in some kind of salt, such as the user's aim login, and the checksum would nearly always be unique.
  • by Anonymous Coward
    I use wine and the latest windows AIM on linux and it works pretty well. Even the installer runs on linux under wine, so no windows partition is required...

  • You just answered your own question:
    I know that TOC isn't as fully featured as OSCAR, but that's what IRC and ICQ are for anyway.

    Isn't this like saying: Why don't use use TOC? TOC sucks so much that you will stop using AIM altogher and switch to another IM system, like ICQ, or you can forget about IMs altogether and just use IRC. By the way, you don't have to reverse engineer TOC, it is available as a documented standard. Basically every AIM client supports it, and nobody likes it because it sucks. AOL frequntly lets their TOC servers die for days on end and the protocol has been loosing features ever since it was documented.

    Down that path lies madness. On the other hand, the road to hell is paved with melting snowballs.
  • Actually, there are many people who don't have Windows but still need to communicated with their friends and co-workers. Besides, reverse engineering something for the purposeses of interoperability is not illegal, and is in fact one of the major tenets of fair use. Not even the DMCA can take this away (unless AOL starts to encrypt their IM messages).

    Anyway, you didn't answer my question: how are we stealing something that AOL is apparently giving away for free? Sure AOL doesn't have to give it away, but they are.

    If I may venture a little ways offtopic here and offer an observation: I suspect you see issues like this in a very black and white manner. If someone isn't 100% obviously right, they must be doing something evil. If we're not following coperate policy to the letter, we are obviously no better than the common criminal. If something is against the law, then it is wrong, period. I'm not going to try to change your worldview here (it would be pointless for me to try) but I can only offer three nuggets of wisdom:
    1. Laws are not always just or wise. History teaches us that laws are frequently put in place for entirely selfish or wrong reasons.
    2. Fighting laws "in the system" is possibly the slowest and least effective means of changing a law. People don't wouldn't throw tea in harbors if it was easy (or possible) to change the law through the system. Even if a law is unjust, you are still asking the people who put it there (perhaps knowing that it was unjust) to take it away. If they didn't want it, chances are they wouldn't have put the law there in the first place, so you are asking the people who want the law in place to take it away. Can you see the conflict of interest?
    3. I like enumerating things. :)

    Down that path lies madness. On the other hand, the road to hell is paved with melting snowballs.
  • 4. If you are the only person on their contact list that is fine, but if your friends have other friends (who use AOL), then it really isn't feasable to ask them to switch. Worse, many people use AIM because it is part of AOL, making them quite hesitant to switch (why give up a perfectly good IM client just becaues one of my friends switched to something I've never heard of?). Running two IM clients side by side is not exactly an elegant solution. Worse, most people will end up forgetting about the second client, particularly if they are AOL (and not just AIM) users. I offer that this is a very suboptimal solution, and in the end equivelent to option 1.
    Now this certainly isn't true of everybody. Maybe you can get your entire group of friends to switch, but I belive that is going to be the exception rather than the rule. Jabber like Linux whereas AIM is like Windows. You can run it yourself and appreciate the technical superiority, but don't expect your frends and family to switch.

    Option 5 is the same as option 1, give up IMing entirely.

    Down that path lies madness. On the other hand, the road to hell is paved with melting snowballs.
  • Oh and you can't set the away message. In fact, gee, it doesn't do almost everything OSCAR does. You must not use TOC very much. I've had it go out for days at a time when I had to use it in my previous job. Oh, and you messages would make it through the servers about 90% of the time. Unfortunatly this was a few years ago, so maybe they improved it.

    I can guarentee that TOC is a lower priority at AOL than OSCAR though. Worse, there is no guarentee that AOL is going to keep TOC around, only by using OSCAR can the Unix folks keep fairly confident that they won't simply be shut off one day when AOL decides that TOC is just too expensive to keep running for the few people who actually use it. Heck, they've been hinting at this for some time now by slowly shutting off features in TOC. As it is now, they are basically down to Login, logoff, set status, and send message to X.

    Down that path lies madness. On the other hand, the road to hell is paved with melting snowballs.
  • You mean tik? That uses TOC, or maybe you mean the java client, IIRC that uses TOC as well.

    By the way, has anybody successfully run the java client for more than a few hours? I always had bizzare things happening with the widgets (buttons disappearing, windows growing to 1000x10000 and then disappearing, windows placing themselves at -31231,-12314, random freezes, etc...) Not to mention it slowed down my R10k O2 with 128MB of memory (Still a lot back in the day).

    Tik was pretty cool, it even had a Slashdot ticker, but wasn't very featureful (you couldn't send files, chat, and do many of the things that the regular AIM clients could do).

    Down that path lies madness. On the other hand, the road to hell is paved with melting snowballs.
  • Er, have you tried the official AOL Linux client? Interoperablility is the reason poeple are writing these AIM clones. Quite frankly the official clients are so bad they are nearly unusable, and AOL has constantly degraded the service for those clients making them very unattractive.

    Worse, if all of your friends already use AIM it is nearly impossible to get them to switch. This leaves you with 3 choices:
    1. Stop using IMs altogether, or use a nearly completely broken "official" client. Both of these are about the same.
    2. Use a different IM, like Jabber and leave your friends behind. Unfortunatly IMing yourself isn't very fun, and this turns out to be like option 1.
    3. Use a non-offical "hack" and "steal" a free service from AOL. I don't think the offical Linux clients even display ads, so I'm still wondering what exactly you are stealing that they aren't already giving away. Isn't this kind of like stealing Linux source code by downloading it off of an FTP site?

    Of course I'm probably not the best person to be commenting on this as I use ICQ (as do all my friends).

    Down that path lies madness. On the other hand, the road to hell is paved with melting snowballs.
  • Well there is such a think as "Good Enough" a message client does not have to do everything it just has to be able to message. If it does that and works it is "Good Enough" Sure you could always put one more bell on it but will it make it that much better.

    I've not used AOL's client but It apears to do the job that it needs to so what's wrong with it execpt that is from "Big Evil Company"?

    Not everyone has to be a computer geek and a programer. Infact if everyone was we would have problems because no one would be doing all of those other things that we need in socity.
  • You say that there are clients out there, but what if you dont use one of their supported OS's. I run LinuxPPC and the linux client is only an x86 binary. I know there is a Tk client but that programs is severely lacking. Also up until March 29th there was no OS X client, so i had to use the alternatives, then they released a client that is not even near the aim functionality of Fire, which is not even at version 1 yet.

    From my perspective aol hasnt been making much of an effort to make me a fully functional client.
  • One thing that definitly IS wrong with it: animated AOL ads top and bottom.

    As far as features go, I would prefer it had LESS bells and whistles. I really don't need a "buddy icon," news and stock tickers, or a "games center."

    The only additional feature I would like to see is text commands like IRC. I don't know how many times I've confused a non-technical friend by typing /quit or something to that effect.
  • Didn't the FCC consider having AIM open a requirement for the merger with Time/Warner? Simply including an AIM binary in your free client must then be fine, because the entire binary is part of the protocol, which has been forced into the public domain. If the successfully sue someone for distributing it, they're getting into anti-trust suits and asking to have their AIM servers taken down by government agents.
  • Part of the Jabber idea is that it would act as a gateway to other networks, i.e. ICQ, AOL, MSN, etc.

    Since I'm using Gabber to talk to AIM users, I guess you could say that Jabber has the same userbase as AOL + ICQ (minus any overlap), giving it the largest userbase of any IM system.

  • So then I can use an opensource, free AIM client to chat with a paying AOL user and AOL won't complain? (The AOL user is paying them money.) Not likely.

    AOL's behavior does not indicate that they are interested in being reasonable. They are interested in absolute control. It should be no surprise that they are being met with much resistance.
  • AOL's problem seems to be their desire for absolute control over IM. If I send an e-mail to an AOL user, I am using resources on their servers. But they don't complain about the cost of maintaining e-mail servers. Somehow the cost of maintaining an IM server is made out to be a big friggin' deal, though it appears to be no different than any other Internet access component.

    They should really reconsider their approach before this gets way too ugly. They have absolutely nothing to gain (and plenty to lose) by going down this path.
  • proto.ocm is 57344 bytes. So. About 26 gigabytes of checksum data for _that one_ file. I thought the other solution was not feasible anyway. This is somewhat possible but very very silly.
  • Thanks! I can save a bit of typing now.

    Here, aim.exe is 24576 bytes long. This gives (24576*24575)/2=301977600 combinations. MD5 is a 128-bit hash, so this makes 16 bytes per combo: about 4.8 gigabytes worth of data. This is _if_ only aim.exe is involved; someone here mentioned that dlls might be included too.

    I had other problems with the paper:
    I like Freenet, but it's not a lightweight process, and its speed (latency, rather) might be an issue too.
    AOL could block proxies by IP address; they haven't done this yet, I believe.

    It just seems like a clunky workaround, especially with these numbers. Perhaps we could use an offshore Freenet MD5 server, but it's overkill.
  • HermanBupkis wrote:

    The big question I have is, where is AOL making money on this that makes it even a little deal for them?

    Two things: one is the ad space at the top of the official AOL client (which right now is showing an ad for AOL 6.0, so they're not making money on it, but it's still free promotion for them).

    Secondly (and, IMHO, more importantly), the exclusivity of AIM is a "hook". It's something AOL can claim that no one else can. In short, it's a prestige thing: "We're the biggest. To be part of the biggest you have to come to us."

    Ironically enough in light of that second point, AOL users actually have less IM functionality than AIM users. It was only with AOL 6.0 that AOL users could finally set an IM away message. 7.0 may bring AOL to parity with AIM, but that's just a guess.

    The official Linux/Java/Express clients have about the same level of IM functionality as AOL users have.

  • I mean poor little old IBM I mean MS I mean ATT I mean AOL built their shit their way and offer it up to you out of the goodness of their hearts. You're just a bunch of spoiled rich kid commie faggot devil worshippers who don't know the Bright White Light of Truth (tm) when you see it. Next thing you know and people will start objecting to crappy code and iron fisted closed architectures and we'll all be living in Rooski-land and our trophy brides will be fat Ukranians wearing babushkas and having a mole.
  • I am sorry but the "Linux client" is lacking features that I would want. I think that if they seriously want us to use their software, something needs to be done to incorporate one of the leading opensource efforts into what AOL has to offer. Hell, offer the god damn client on their website and stop fucking around. Even if they are required to add advertisements that's fine, I will just edit the source later and remove it.

    The world is NOT moral. No one is a victim here. They are offering a free service to everyone (it isn't like we are stealing the service by using a free client).

    I say that AOL should use what the Open Source community has created (as it is FAR superior to what they are offering) and let us be happy :)
  • Posts like this are why I still pay attention to slashdot.

    bravo

    D
  • Would it not be more space efficient for an AIM proxy (having received a checksum request) to forward said request to a legimate client, and forward the result back to AOL? This is kind of like putting a webserver behind a NAT box: HTTP requests go to this server, FTP requests go that server, etc. One could even go so far as to get a jabber client to make a checksum request of the proxy, who then requets of a client (to reduce server message parsing overhead).

    The problem I see with the proposed scheme is if AOL picks random numbers for the start and end of the checksum. A 1 meg executable will have over 500 BILLION (5x10^11) possible checksums, if we are allowed arbitrary byte ranges! Even if (as it's a 16-byte checksum) we are allowed even byte ranges, we still get over 125 billion. The only saving grace might be if AOL is using a static table of already-computed checksums (or using a static set of checksum requests), in which case the amount of checksum data required on the freenet has a chance of not being too big.

  • by Conor6 ( 11138 ) on Wednesday April 18, 2001 @05:56AM (#282926)
    You know, I hate to say this and all, AOL being the evil empire that it is... but has anyone thought that, given that AOL pays for the maintenance of the servers we all use, regardless of which client, then they should maybe get a little say in how they get used?
    ~Conor (The Odd One)
  • Both of the answers in this vein are stupid. Yes, you can't mathematically reconstruct a sequence of bytes from even an MD5 sum. But, you can prepare a database of known MD5 sums for all sequences of one byte long. Then, if you get an MD5 sum of a one byte sequence, you know what that bytes is by looking up that sum in your database.

    You could even reasonably do this for all three byte sequences. That's only 16 million database entries. That way, you could ask for checksums of each three byte sequence in the AIM.exe file and reconstruct the AIM.exe file from them using your database. Three times faster than the one byte method.

  • I wouldn't call using IM stealing their servers. As many people have pointed out, how is me using GAIM to talk to a friend that has AOL any different from me "stealing server time" from them when I send this same person email?
  • Please explain this: AOL, whether you know this or not, has two protocols with which to connect to their network. AOL is not banning third party clients from connecting over TOC. It is banning them from using OSCAR. AOL has been saying for years OSCAR is their public protocol, and TOC is their private one. The clients that have been banned are the ones that, for some reason, have chosen to leave their sandbox and use TOC.

    Why? Why not just take all the banned clients and switch them over to TOC?

    I'm not trying ot say they should; that's just an honest question. I'm curious. Why not use TOC? What is the reasoning here? AOL's request that people stick to the public TOC protocol and let AOL use their OSCAR protocol for official use seems completely reasonable to me; am i missing something? Please explain.

    I am a user of Mac OS X. Until the week after AOL banned all the IM clients, there was no official AOLIM client for mac os x and no way to run TCL/Tk scripts, so i-- everyone-- used a nifty little program called Fire [epicware.com]. Fire is wonderful. Fire is usable. Fire is open source. Fire was blocked along with all the other TOC/OSCAR clients, and the AOLIM program that AOL finally released was so bad as to be literally unusable. I for one would occationally launch the thing to see if anyone really important was on, then quit it and go back to micq in terminal. Thankfully, a couple weeks ago, Fire switched to TOC, and i have had NO problems since then. Why don't the linux clients do the same? Jabber is staying away from TOC because they're afraid that if they use TOC AOL will ban TOC altogether (see the public statement on their website), thus ruining things for everyone. What is everyone else's excuse?

    By the way, Many people in this thread have suggested that we do not have a right to use AOL's service. This may be correct; I don't care. I am going to use AOL's servers. Capitalism is a nice thing, but capitalism does not often work as a system with the communications market, and does not work here at all. There are no market forces. I'll say this; If Southwestern Bell attempts to set unreasonable demands on my usage of their network, that's PERFECTLY FINE with me, because i can walk away at any time. I can, if i want, cancel my Southwestern Bell telephone service, and go to Birch. If both Birch and Southwestern Bell offer terms i am not happy with, that's fine too, because it is theoretically possible for me to go start my own telephone company. See? Capitalism. But meanwhile if i am NOT a Southwestern Bell customer, and they tell me that i can't dial IN to their network because i use a Primeco cellular phone, well, you can bet your ass that i for one am going to start breaking out the little yellow boxes. I will willingly break into SWBell's network if i have to (i don't) and i will willingly break into AOL's if i have to (i might eventually).And i don't care much if i am using expensive resources belonging to AOL or Ma Bell or whatever, i am not at all comfortable with any non-governmental entity having that kind of power. I'm not really comfortable with the government having it either, but at least as a voting citizen i have some tiny amount of control over what the government does, which means i am more comfortable with the government having split up the telephone network away from Ma Bell and making it open and would be more comfortable were the government to split up AOL and make their system open.

    I don't want to use AIM.
    I don't want to use their servers. I don't want to use their client. I am not given a choice. There are people on that network i need to talk to, and that is why i have suffered through dealing their awful bloated software for three years. (Over most of which time, i believe i rebooted more times because AIM had crashed than for all other reasons put together.) If i could get the people i know to switch to Jabber, i would be ecstatic. I can't. If you tell me that if i want to talk to those people i have to pay someone to use the network infrastructure, that's actually fine, sort of. But if i don't have a choice of who gets paid-- if i don't have the ability to walk away and change providers-- i am not ok with that. And if you are comparing communication networks, i don't think you can ever quite have that one single right, the right which the consumer has to have in order for capitalism to be capitalism. "You can go use the Jabber network but not talk to anyone there because AOL is specifically banning the Jabber network from communicating with theirs" Is not an alright situation to me, "you can't send e-mail to an aol user if you're using the linux sendmail server" is not an alright situation to me, and i am not going to pay much attention to what the law says in such a situation unless the police will come after me personally because i am trying to communicate with AOL users on my own terms. I doubt they will, and if they do i suspect the EFF will pay for everything anyway.

  • A letter to Harriet Tubman and the organizers of the Underground Railroad:

    The Abolitionist proponents of depliticizing the movement and making it open to freedom is failling. Everyone is coming off as a hippie communist looking to take stuff from others.

    This is beyond bizarre. Southern farmers run a group of expensive plantations and has told you to ignore their slavery. You CAN'T even claim racism, there ARE free blacks.

    They have made every effort to produce cotton and other useful products.

    The fact that you would prefer they not enslave blacks doesn't give you a right to steal their slaves and lead them to freedom in Canada.

    However, by showing that we won't respect the law nor attempts at technical limitations, you discredit all of us. For those of us trying to win adoption for Abolition, stuff like this is a huge step back.

    We're not sure if this is legal, but we think we might have finally found a loophole.

    Congratulations, you have violated ehd spirit of the law but not the letter. That doesn't make you a moral person.

    And immoral behavior is not acceptable because the victim is a plantation owner.

    --

  • I guess some people don't understand parody, even if you beat them over the head with a near-verbatim copy of the thing being satirized.

    So, for those of you who might not understand: People who say, "Stealing stuff from someone and violating the law is always wrong and unethical" are not correct, since laws and the definition of stealing are man-made and change over time.

    --

  • You have a right to not be held as a slave on a plantation.

    That was not a popular opinion in America in 1850. In fact, many people would say that Harriet Tubman was stealing slaves from their rightful owners, and what she was doing was morally wrong.

    You don't have a right to IM your buddies on AOL.

    In my opinion, i do. Just because it's not legal today does not mean it's immoral.

    --

  • The basic point is that AOL doesn't want unauthorized clients on it's network. Circumventaion is STILL circumvention, no matter HOW you do it. There are SEVERAL alternative routes to breaking into the AOL network:

    1) talk to some FCC rep and complain that AOL/TW are abusing their monopoly power by restricting access to their communication network - one that is very popular and should be open to encourage competition. eg. compete on client features on an open network.

    2) create an independant network and demand interoperability between the networks via sanctioned gateways. As I recall, the FCC wanted AOL/TW to allow other networks (such as Microsoft's MSN Messanger network and ICQ...) to communicate with AOL's network users. I don't know what kind of progress has been done, but it could work like so: an icq user would look like 1234567.icq to IM users and IM users would be visible by their nicks to ICQ users - or whatever. The point is, gateways between the networks would route the required messages. You could even look at extending Gnutella to be a messanger type network (although the file search bandwidth is not scaleable, a distributed messanging network may work fine). Also, if enough users support an open network (and drop IM), AOL may decide to open their service to attract these users back.

    3) Piss off. If you don't like their policies, don't use their service.

    Honestly... don't make me use caps here: If AOL doesn't want your client accessing its network, then there is ABSOLUTLY no "legitamite" way for your client to access the network - even by the "proxying" method as described in the article.


    ---
    Computer Science: solving today's problems tomorrow.
  • by BilldaCat ( 19181 ) on Wednesday April 18, 2001 @06:00AM (#282934) Homepage
    why they should even open it, aside from the government telling them they should as a condition of the merger.

    It's THEIR program. THEIR R&D team, and the dollars to fund them, develop it. Who has the right to say that they have to make it open for everyone to interface with and freeload off of?

    I'd be pissed off if I developed a program, spent years on it, poured tons of cash into it, watched it become wildly successful, and then have people and the government DEMAND that I open it up to everyone else.

    It's THEIR program. if you don't like it, use something else! And if your friends don't want to, that's just TOO DAMN BAD. That's not a reason for them to open it up.

    Christ.
  • Well, it doesn't seem quite on topic, but okay...
    unmd5sum(x)

    do
    generate a random file, f
    until md5sum(f)=x

    This might be slightly lossy for some files, but it runs in O(1) average-time. An md5sum is 128 bits, so the average number of loops will be about 2^127, a constant.

    What was it Homer said? "Phfft, facts!? You can use facts to prove anything."

    It is, of course, much easier to invert md5sum on a single byte at a time, which is what I originally suggested.

    Greg

  • by gregbaker ( 22648 ) on Wednesday April 18, 2001 @06:06AM (#282936) Homepage

    The "Second try" solution proposed in the article is having a checksum server. It seems to me that there's a fundamental legal problem with this.

    Suppose the checksum server will return the checksum of any part of the AIM.EXE file, which it would have to do in order to return the information needed by third-party clients. Suppose I write a script to ask for the checksum of the first byte, second byte and so on. I can compare each of these values against the checksums of the 256 distinct 8-bit values and reconstruct the AIM.EXE binary.

    So, wouldn't the checksum server be essentially redistributing the binary? It's not literally distributing it, but it's probably close enough to spend a long time dragging through the legal process.

    Greg

  • So by your reasoning, everybody should just stop bitching and forget about blocking spammers too?

  • Uhm, what differs denying some people using your mail server (cause you pay for it and all and don't want whatever people using your resources for whatever reason) from denying some people using your IM server (for whatever reason)?

    If it's my server, my bandwith, my money paying for it, I'll chose who can use it and who can't. For whatever reason I can think up. It's my call. Go whine somewhere else.

  • Sending out checksums into Freenet where they can't be retracted is a two-edged sword. AOL could easily poison the waters by sending out bogus checksums - nonretractably.

    Nonretractible information that is required to be correct should not be a feature of any sort of countermeasures system like you're describing.

  • because the third-party client still relies on the actual AOL binary for its functioning, this strategy is still of dubious legality.

    IANAL, but I disagree. You are NOT reverse-engineering the AOL binary. This sounds to me every bit like fair use.

    You need to scan the binary to perform a virus check. Hell, you need to scan the binary every time you back up your hard drive, and that probably even includes computing checksums on it.

    How is that any different from computing a checksum to reply to AOL's query? Though it's of questionable moral value (it's quite clear that AOL does not want you to do this), as long as you downlaod and install the AOL binary yourself, it sounds perfectly legal to me.

  • I started using AIM as an alternative to ICQ ... mainly because I hated the ICQ interface, and AIM's was friendlier. I switched to MSN Messenger because of AIM interoperability. Now I run both because they can no longer talk to each other. But I'd stick with MMS (it's our standard at work) if AIM support was restored. But it's a simple fact that most of the AIM users do NOT use the AOL service. Most of us just wanted a simple alternative to the overly-feature-rich ICQ client. But we only used it because it was the only alternative at the time. And we only continue to use it because there are people that we NEED to talk to that use it as well. I'd switch clients in a heartbeat if AOL would allow interoperability.
  • DON'T USE AOL Any and all problems with this ISP can easily be avoided by simply using another provider. We should be doing everything we can to encourage and assist others to upgrade from AOL. Until such time as AOL stops behaving this way there is simply no reason to deal with them in any way. We may be stuck with Microsoft products for the time being, but ISPs are a dime a dozen. There's no reason why anyone should have to subject themselves to AOL's shenanigans.
  • "create a special Freenet server that acts a normal, serving out data from its cache, unless it sees a request for an AIM.exe checksum."

    This would be difficult to do. I'm assuming the AIM protocol allows the server to request *any* byte range. You are talking about more possible requests than the keyspace of Freenet (2^160).

    Far better that someone insert AIM.exe into Freenet and clients download it. Clients could even download it from the local node each time they need a checksum:

    "I don't have AIM.exe. It's in my Freenet cache? I can't help that, it's a cache and it's encrypted so I don't know what's in it"

    AGL
  • Hey, dumb ass moderator! This was in no way off topic. There is no way you can justify that! Open up your f***ing eyes!
  • "Breaking the law"? I have a hard time accepting that argument.

    The fundamental problem is that instant messaging systems have no way of interoperating so that one system's users can IM with users of other systems. So you are either using someone's system, or you aren't. Compare this to email; you are using SOME resource to which you are authorized. You have paid (or been given by someone who has paid) access to the Internet. The cost of sending an email message is shared between the sender and the receiver. AOL's IM can't do this, so they throw out - and you swallow - the argument that there's nothing to do about it except accept their terms. Thank god their users didn't accept that standard for e-mail or the web.

    To fix this situation, there needs to be an open, internet-wide protocol for users to send each other instant messages. EVERYONE would benefit enormously from this. Customers of two-way paging systems, people who hate AOL, AOLusers, EVERYONE.

    This protocol would allow the following features:

    • Global address space
    • Address designates server to contact via DNS
    • Server-to-server authentication to protect against spoofing and flooding
    • Response to "user is online" queries ("must respond" (you can always try sending a message and deal with the error to simulate this)
    • Selective "user is online" announcements ("should accept": and clients MUST support "is user online" queries
    • File transfer abilities would change the world (so this won't make it in)
    • Protocol version and capability queries and announcements (e.g. i don't use color)
    • ONE STANDARD.
    • Agreement between AOL, MSN, Yahoo, and some Open Source system

    So why doesn't AOL go for this? Because they are going for a naked power grab, and people like you are their patsies. What makes you think you have to bend over for them?

    Regardless of what you think, people who don't buy the argument that right makes right, people who hate AOL, people who see the value in a global IM protocl, and people who value openness, freedom, choice, and the Internet itself are going to bitch about this until AOL gets their heads out of their asses.

    I have every right to say that AOL are a bunch of evil, corporate, power hungry, internet-wrecking bunch of snivelling shits until they decide to cooperate with the rest of the world..

    Boss of nothin. Big deal.
    Son, go get daddy's hard plastic eyes.

  • If companies know that we can trivially and legally circumvent their "control" schemes, they won't bother with them in the first place. And that's what open standards are all about.

    So, essentially, the author is claiming that open standards exist only because any closed standard is going to be opened forcefully, and companies are just going to give in?

    Some minds are like cement - thoroughly mixed and permanently set.

    -Adam

    "Honk if you've never seen a bazooka fired out a car window."
    Web developer:
    Resume [ubasics.com]
  • Okay, now there might be some flaw in my idea, but here it goes: What if they just store aim.exe backwards as an array in the client? When the server asks for the Md5 sum of bytes 1 through 6, just look at the array and give it the Md5 of bytes (size - 1) through (size - 6).

    Since you aren't actually distributing aim.exe (there is no way in hell it's going to run backwards), you aren't inviolation of the EULA. If just having it backwards makes it to similar, then you could divide the file up into segments, and have some of the segments backwards, and other things like this-- you could pretty easily make it irreconizable as aim.exe (with a little math) and still have it return the right sums.

    Any one see any obvious holes in my logic? Or would this actually work?

  • > what does AOL gain by having the userbase to AIM?

    The ability to make sure that the eyeballs of their users don't leave AOL for ELNK or another ISP.

    MSFT locks its users into Windows because they (i.e. the people they deal with at work) "need" M$Office.

    AOL is trying to lock its users into AOL by ensuring that they (i.e. the people they IM with at home) "need" AIM.

  • > one is the ad space at the top of the official AOL client (which right now is showing an ad for AOL 6.0, so they're not making money on it, but it's still free promotion for them).

    Au contraire.

    It's collecting demographics - so they know who uses the AOL client, how long they use it, and because AOL is a "walled garden", they can cross-reference that with everything else they know about the user.

    That's insanely valuable information for when the TW half of the conglomerate wants to sell that ad space to the highest bidder. And gets that premium price because every user is targeted.

    Remember - AOL/TW is not an ISP. They're not even an online service provider. They're a media company.

    I know, we're used to thinking of them as an ISP or OSP, and the adjustment takes a little getting used to at first, but once you make the mental shift, the battle for marketshare between AOL/TW, ELNK, and MSN becomes much easier to understand.

  • Some of us are somewhat social animals, who have friends on AOL, or friends who talk to people who use AOL. The majority of these friends don't realize or care that AOL is blocking open-source clients. We still enjoy talking to these people, more often than not in order to get a break from all the geekiness.

    I've tried getting my friends to use Jabber - not very hard, mind you - and only one switched over. And he switched only because Gaim [sourceforge.net] uses protocol plugins, which make it almost transparent which service is in use.
  • incorrect, or misleading at least.

    Let the binary be N bytes long. So we have N starting offsets, and each offset X has (N-X) possible lengths, for a grand total of N*(N+1)/2 possible entries in the challenge/response table.

    Note that each dll or binary get its own table, so that you don't add up all the lengths to make a combined table (sum of squares, not square of sums!).

    For a binary that is 500K = 5E5, the table needs to hold 25E10/2 = 125 gig. Clearly feasable. In comparison, a 56 bit key lookup table has 2^56 which is ALOT more (conversion to base 10 left as an excersise).

    Furthermore, it is unlikely that AOL generates the challenges in a completely random manner. They likely have a cache on their end as well, to speed things up. Thus, the table will be [very] sparse, and thus will not need the full 125 gigs.
  • by gotan ( 60103 ) on Wednesday April 18, 2001 @08:30AM (#282952) Homepage
    The problem was bundling the AIM.exe. Obviously there's no legal way to do that. But there is no need to either since there is an easy way out: let the people get AIM.exe themselves. This solution is even mentioned in the article but marked as "of dubious legality" because it relies on the AIM.exe to be present somewhere and being used in "unacceptable ways".

    Now any solution i can think of is relying, in one way or another, on gathering data "in unacceptable ways" on the AIM.exe. To cache all possible checksums (i don't know if they're limited in some way so i assume arbritrary byte-ranges) would mean to cache sufficient data to be able to reconstruct the executable. So even the proposed legal cover is of "dubious legality". In essence, once you start building a client that mimicks a proprietary client to the level of returning correct binary checksums you should ask a lawyer how to get yourself out of the hot water.

    I think it's safe to assume, that AOL won't go after the users themselves with lawsuits. So what is needed is to get a practicable solution out there which can't be attacked by getting at one person. The next thing we'll see is AOL using some cryptoscheme and however weak it is, we'll get the DeCSS story all over again. If it gets as complicated as Checksum servers etc. then why not go and set up alternative IM-servers?
  • Jabber isn't a solution to not being able to use task at hand, using AIM to communicate with other AIM users. When Jabber has the same users on it as AIM, then we'll talk.
    treke
    Fame is a vapor; popularity an accident; the only earthly certainty is oblivion.
  • I still dont see why the "path to aim.exe" is such a bad idea. It's a nice idea, but it seems to require a very specific version of AIM which would be harder to find. For reference, here's a thread [slashdot.org]. In particular look at message 159 for a message by a GAIM author.
    treke
    Fame is a vapor; popularity an accident; the only earthly certainty is oblivion.
  • Rather than getting Jabber clients to talk to AIM, why not get AIM clients to talk to Jabber?

    The proxy idea in the article was what started me thinking on this. Someone needs to write an AIM proxy which forwards everything on to AIM's real servers, and convince the clients to connect to one of these. The trick is that screennames in a given format (I don't know what this would be, since I don't have AIM around to explore valid screennames and such) would cause a message to be translated into a Jabber request and forwarded on to a Jabber server.

    This is of course only a rough idea, but I think it could work. AIM Users who wish to talk to people on Jabber, ICQ etc would be able to install this proxy on their machine and use HOSTS to point the AIM server address at 127.0.0.1, or those reluctant to do this could probably sign up to a 'public' one of these. The only problem with the public ones is that it gives AOL something to IP-block...

  • I know I'm repeating points that other people have made before, but I think they need to be said. Everyone, repeat after me: I do not have the right to use aim. AOL has put together a program, a standard, and a lot of servers to serve the needs of their customers who want to easily talk to people outside the AOL network, and in order to make it more popular opened it up to almost unlimited use by other people. So you have to use their client? That's their right.

    The point is you can either play by their rules, or go somewhere else. No one is holding a gun to your head and forcing you to use AIM. There are alternatives available: MSN and Yahoo both have messaging clients, and there's everyone's favorite Jabber. "But," you complain, "my friends don't use them!" So what? That gives you two options. One, use the official client. It there's not one available for your platform of choice, too bad. Look back up above: you do not have the right to use aim. Two: get your friends to use something else that you like better. But don't whine that because you want to talk to your friends, you have the right to use AOL's system in a way that they don't like. Because you don't. You and your friends are free to move somewhere else... but are not free to force AOL to do anything that it doesn't want to, or to steal their service without their consent.

    Sorry, that ran a little longer than I intended :)
  • You telling me how to voice my opinion is analogous to me telling AOL how they should run their system.
  • Although I don't think reasoning by analogy is always particularly effective, I think I could give it a try here.

    What if you told me the following: "You have locks on your doors. Your doors are two-part doors, and the key only opens the lower half, forcing me to crawl inside in an uncomfortable position whenever I enter. I'd really rather not do that.

    "But, since you asked, I just wanted to let you know that I can safely, effectively, and anonymously remove those locks whenever I chose. However, I don't really want to steal anything from you, I just want to see if there are circumstances under which you'd allow me to come in standing up. If there are, I'd be happy to play ball. Hell, I'd even pay you or watch your ads for the privelege. And I'll bring my friends, too. Anyway, I'd also be happy to hang up my lock-breaking tools."

    Now, we're getting into ridiculous territory. But that's what happens when you reason by analogy. Still, I think we're somewhat closer to the truth now. I have no interest in hacking AOL - I just want to be able to communicate with my sister, who uses AIM, without having to run their client. Like I've said before, it makes much better business sense working with people like me than fighting us. Because I use Jabber and its AIM transport, many people who want to talk to me have switched to AIM - because they prefer it to Jabber. That's money in AOL's pocket.

    I mean, do you really think AOL has spent less money on these blocking tactics than they have lost due to individual third-party access?

  • Many people have correctly pointed out on this thread that AOL is under no obligation to allow us access to their network. They own it. They paid for it. They continue to pay for its maintenance. That is why they are within their rights in blocking access by third-party clients.

    However, that is not the whole story. Members of various AIM-interoperability groups (most notably, Jabber [jabber.org]) have repeatedly offered to work with AOL to find a mutually acceptable solution to this problem. People with legitimate AOL IM accounts want to access those accounts through non-AIM clients. AOL, though not legally required to, ought to work with them instead of fighting them. It is never good business sense (IMHO) to fight, sue, or otherwise harrass your customers.

    AOL is exploring the limits of their legal and technical abilities to exclude people from their network. They are within their rights. But we are also within our rights in exploring our legal and technical abilities to fight back. At the very least, we ought to find out what is and is not legal. And, more importantly, we should do whatever we can to make it clear to big corporations that they are better off working with us than against us.

  • OK, I'll bite...

    AOL users are some of the most hated and technologically incompetent persons on the Internet.

    Yes, but this is about users of AIM, not AOL. AIM has an absolutely huge user base comprised of AOL subscribers and normal, intelligent people alike.

    I'd think that REAL Linux users would want to do everything in their power to AVOID coming in contact with AOLers. It seems to me that a Linux port of AIM is unnecessary,

    Given the support GAIM and other AIM clones have, I don't think you can say that such ports are unpopular or unnecessary.

    and bordering upon being disgraceful to those of us who value the intellectual high grounds of the Internet.

    Intellectual high grounds? You mean like /.?

    ***
  • Exactly. This solution is much too complicated, if not impossible. Storing the checksums for every permutation of every DLL in AIM (or even a single DLL) is totally impractical. Assuming AIM is a 1MB file and the server can request the checksum beginning at any byte and ending at any byte, this leads to approx. 5*10^11 checksums (n ~= length^2/2), taking up about 8 GB (16 bytes/checksum). Plus the growth of this number is quadratic in the length of the file. Since 1MB is a pretty conservative estimate of the file size, you're quickly looking at a buttload of space for storing checksums. Any server-based solution will have to rely on a dynamic calculation of checksums, and that's probably not an option either.

    If the chunking size is greater than 1 byte or the range of possible start/end points is more restricted, the space requirement will be less, but the quadratic growth will still be there and it'll be easy for AOL to crank up the combinatorics if they desire.

    Just put in a "path to AIM.exe" option and let the user worry about getting the file. I expect a large number will be already have it (or could easily install it) on a windows partition. As for the version of the executable, just store a database of checksums of the various AIM.exe executables and use that to see what version the user has.

    How will Linux users without Windows get it? Most will probably just d/l it from somewhere or copy it from a friend. This is probably illegal, but it should be perfectly legal to use Wine to unpack and install the version straight from AOL.

    IANAL, but I don't see any legal issues. Reverse engineering IS LEGAL. Emulation IS LEGAL. If you download AIM and unpack it on a windows partition or use Wine, how is it illegal to supply the path to the executable to another program? There are *certainly* no legal issues for the GAIM developers for providing this capability -- only the individual users are even *potentially* culpable. Each user can decide for himself/herself whether or not to take the ever-so-slight risk of using AIM.exe in this manner.

    -DA
  • """
    Assuming AIM is a 1MB file and the server can request the checksum beginning at any byte and ending at any byte, this leads to approx. 5*10^11 checksums (n ~= length^2/2), taking up about 8 GB (16 bytes/checksum).
    """

    s/8 GB/8 Terabytes/

    For some reason I always confuse 10^9 and 10^12...

    BTW, another user commented that Wine works just fine for unpacking and installing AIM.

    -DA
  • The Open Source proponents of depliticizing the movement and making it open to business is failling. Everyone is coming off as a hippie communist looking to take stuff from others.

    IMHO, I don't think it is actually forcing everybody to open source but open standard. They want you to run their and only their client. It is a matter of control. Once they get the monopoly they will probably start charging for the client or maybe per minute of use... who knows. They will force you to upgrade your client once a year to keep cash flowing in. We've seen this before (Micro$oft, Realplayer, etc.)

    ---

  • What it boils down to is that it's in AOL's best interest to support alternative operating systems.

    Regardless of what you think, That's really up to AOL now, isn't it? Possibly breaking the law because you think AOL should be on your side anyway doesn't make you right.

    The Good Reverend
    I'm different, just like everybody else. [michris.com]
  • You forgot the forth option - stop whining that a company doesn't have something for you. The world has different operating systems. You choose to use one that most of the rest of the world doesn't use. I respect your choice. But that doesn't mean you have a right to steal the service from the company providing it simply because you don't happen to like the provided client or what you see as it's downfalls.

    No offence, but too bad. You don't have a god-given right to AIM, and AOL doesn't have a obligation to give it to you.

    The Good Reverend
    I'm different, just like everybody else. [michris.com]
  • Actually, there are many people who don't have Windows but still need to communicated with their friends and co-workers.

    There's always ICQ, Jabber, email...

    Besides, reverse engineering something for the purposeses of interoperability is not illegal

    No, but is using a company's servers without their permission?

    I suspect you see issues like this in a very black and white manner.

    Sometimes I do, sometimes I don't. I pick my battles.

    1. Laws are not always just or wise. History teaches us that laws are frequently put in place for entirely selfish or wrong reasons.

    I agree 100%.

    2. Fighting laws "in the system" is possibly the slowest and least effective means of changing a law. People don't wouldn't throw tea in harbors if it was easy (or possible) to change the law through the system.

    What do you suggest? Civil unrest for the purpose of using the IM client you like? This isn't civil rights or taxation without representation. This is the right to use a company's network for purposes they don't agree with. I see a difference, do you?

    3. I like enumerating things. :)

    So I've noticed =)


    The Good Reverend
    I'm different, just like everybody else. [michris.com]
  • > This is going to be a final solution, just like genocide was/is in all the wars. Rather than flat out calling them Nazis/Hitler, you merely implied it. Good show, old chap. p.s.: by generally-accepted usenet rules, this means you lose.
  • Maybe, EXCEPT that one of the conditions for the merger with TW was that they open their IM. This was supposed to be done for them to get the FTC (or was it FCC?) to approve the merger. They made a lot of noises in that direction, it is now time for them to follow through.

    --
  • in all honesty, if i had a huge operation like aim running on my equipment, wasting my bandwidth, and thus requiring me to defend it i would really look at how to dump off the burden onto something else and keep the benefit. aol should change aim to work with jabber. just build a component into the aol software to show their banners, even make their own software for non-aol customers (ala aim) which shows the banners and collects demographic data like now. i know that aol must have looked into this already so there is an obvious downside to what i'm proposing, but what is it? i'm stumped!

    B1ood

  • That's a terrible definition of a "Good enough message client". Carrier Pigeons meet that definition!

    For Windows machines, I feel the real solution is to find an old version of AIM. I'm not sure where though. Before they added a stock-tickers, inline images, a pop3 client, voice-over-IP, and virus scanners. Before they added two(2) ad banners and a 'search the web' dialog. Before people could have their own animated icons, and before the 'preferences' dialog was more complex then it's counterpart in MS-Word! Anyone know where I could pick up one of those old versions? (It's not like they added anything useful, I'm still waiting for a simple spell-checker!)

    For *nix You can't go wrong with Gaim. I've never had any problems with it. Even when headlines here suggested otherwise.

    -Andy

  • My Swiss-Army knife has a plethora of usefull tools but I wouldn't want them built in to every single tool I own.

    -Andy

  • He has re-invented the replay cryptographic attack. In technical terms, he proposes to store the challenges and the responses, and if a matching challenge is found, then replay the correct response.

    The technical flaw is that it's possible that the number of different challenges is large enough so that there will not have a matching stored response, or one will be unable to store all the challenge and response data. (I don't know if this size problem is the case with AIM, but it's the standard way of dealing with this system)

  • I did! I'm a subscriber because my family shares an account for AOL. We have for years. It's the customers who pay for the servers, not the company. Why shouldn't I be able to use the client of my choice with the servers that I helped pay for? It's not costing AOL a thing since they get their $20 bucks a month out of my pocket to fund those servers? Why shouldn't people with totally legit AOL accounts be allowed to hook in to the servers through jabber, the same way we can hook in to AOL through a normal ISP? They're blocking me of the rights that I pay for with my subscription, and I'm none too pleased about it, since the Linux AIM client is shit and the full AOL app is nonexistent.

    "I may not have morals, but I have standards."
  • I'm not talking about end-results here. I'm talking about taking an ethical standpoint. For example, would not these hackers protect their boxes if someone hijacked their servers? For instance a company advertising through their client and adding lots of extensions, plus sucking down alot of bandwith. Anyways, that's just hypothetical, to show another perspective to the issue.

    What really got my grapes about this article wasn't really that they think they have a fool-proof system in the works, but that this somehow makes enough justification for nuking the opponent totally. Kind of like the victors of any wars are always in the right. Not that I believe we've seen the last of this.

    It's basically a question of how far you want to go to win. Not that I believe I know the answer to that. I don't think it's very nice of companies to lock people up in proprietary protocols and clients either.

    - Steeltoe
  • by Steeltoe ( 98226 ) on Wednesday April 18, 2001 @06:07AM (#282975) Homepage
    "I don'st mean to pick on AOL in this article, except that it's the first big company (that I know of) to take the fight against open standards to this level. Because this system is implemented on top of Freenet, it should be trivial to extend it to other applications besides AIM. The point of implementing it is not just to beat AOL, but also to provide a real live deterrent to other companies contemplating the same thing. If companies know that we can trivially and legally circumvent their "control" schemes, they won't bother with them in the first place. And that's what open standards are all about. "

    Sorry, but you've lost me. If someone won't play ball with you, you should break into their network and take what you want? AOL is not ethical, but this is not any better. The last paragraph about "open standards" really smells badly in my nose. This is going to be a final solution, just like genocide was/is in all the wars. This is excactly how wars arise, and continue beyond the original participants' lifespans.

    Don't take me wrong on this. I respect your right to do as you think is right. It's sort of cool to hack things. However, instead of fighting this over with AOL I would leave AOL networks, and explain my friends why.

    - Steeltoe
  • AOL is just so evil, how can a corporation not let competitors use their services! They only bought the servers and made the code, how dare they even think about not letting some bum leech off of their bandwidth!
  • You aren't asking them to switch. You are asking them to run them both. I run MSN Messenger, ICQ, and Yahoo to talke to different people. Plus, some of my friends are on 2 or all 3 of these which is handy when one starts flaking out (and they all flake out).

    Where is it written that you should only run one IM?

  • Also, they do have an open standard. TOC. So it doesn't do everything OSCAR does, but isn't that the point? It is their service, it is there servers. They could just say fuck off and not use TOC at all and screw everybody out of AIM unless they use an AOL client, but they don't.
    --
  • TOC doesn't suck. It does everything normal AIM does. except it doesn't allow dirrect connecting so no file transfering or AIMTalk or whatever they call it, and no buddy icons.. oh what a tragity.

    The longest I've seen TOC down was 4 hours.. and I've seen OSCAR outages down just as long.


    --

  • The difference is that I can get an opensource, free AIM client, and so can you, and we never give AOL any money. But if I send email to an AOL user then at least the person on AOL is paying them money. That's why it's different. The people using the email servers pay, but there can be many, many people that use AIM but never pay, and use it to talk to people that never pay.


    --

  • by alexhmit01 ( 104757 ) on Wednesday April 18, 2001 @05:58AM (#282988)
    The Open Source proponents of depliticizing the movement and making it open to business is failling. Everyone is coming off as a hippie communist looking to take stuff from others.

    This is beyond bizarre. AOL runs a group of expensive servers and has told you to use their client. You CAN'T even claim interoperability, there IS a Linux client, and there IS a Java Express Client, and the tickle client floating around.

    They have made every effort to have a compatible client available for you.

    The fact that you would prefer your own doesn't give you a right to their services.

    However, by showing that we won't respect the law nor attempts at technical limitations, you discredit all of us. For those of us trying to win adoption for Open Source tools and platforms, stuff like this is a huge step back.

    We're not sure if this is legal, but we think we might have finally found a loophole.

    Congratulations, you have violated ehd spirit of the law but not the letter. That doesn't make you a moral person.

    And immoral behavior is not acceptable because the victim is a corporation.
  • From the article, on the proxy server's legality:

    Some volunteers are simply allowing others to observe and record parts of their conversation with AOL's servers.

    If someone actually put up a proxy server, AOL would add restrictions to the EULA in a second, and then sue anyone who was "letting others observer and record parts of their conversation".

    Who cares about AIM anyways? Let AOL keep their system - just use something else. If people stopped using AIM, AOL would eventually have to make it compatible with the other systems anyway, like they had to do with email.

  • The reason to not use TOC is because it lacks several features which the Oscar protocol has; most notably the ability to check someone's away message without actually sending them a message. File transfer is also a poor hack in TOC.

    FWIW, the Linux Beta AOL client does use Oscar, and has not been blocked to my knowledge. However it is a ripoff of GAIM with only half the features.

  • "After all, hackers are AOL customers, too."

    If you download Winamp or the free software from Nullsoft [nullsoft.com], you're an AOL customer. If you use a branded (Netscape 4.x or 6.x) version of Mozilla, you're an AOL customer. If your local cable monopoly is Time Warner, and you have cable TV or a cable modem, you're an AOL customer. If you watch CNN, TBS, TNT, TCM, or Cartoon Network, you're an AOL customer.

    It's becoming increasingly difficult to use the tool of boycott against media conglomerates.

  • When Jabber has the same users on it as AIM, then we'll talk.

    Only you can make this happen, by using SMTP to send a message telling your Buddies about Jabber and giving them your JID. Once Jabber is more widespread, you will need exactly two realtime messaging clients: Jabber (for Y!, MSN, ICQ, IRC) and AIM.exe.

  • While it would incur having users go to aim.aol.com and download the binary

    It doesn't checksum aimsetup.exe. It checksums aim.exe and/or several AIM DLLs which are created when you execute aimsetup.exe on an x86 machine running 32-bit Windows. Short of emulating Windows in a Bochs (and paying USD $320 for a single Windows license [microsoft.com]), there is no way to turn aimsetup.exe into aim.exe on non-x86 machines.

  • We seem to forget that there is are an unlimited number of possibilities for potential checksums requested by the AIM server.

    Not unlimited. For one thing, the hash cannot request memory outside of AIM's address space; otherwise, the client will segfault. For another thing, it is just as tough for the server to compute and cache correct answers as it would be for the AIM proxy to compute and cache them.

  • How does it "create" the DLLs? By compiling them on the spot? (I think you'll find that the DLLs already exist in the installer archive.)

    Is the archive a standard .tar.gz archive? A standard .zip archive? Probably not. The installer creates the DLLs by descrambling and decompressing the archive, something you would need to have a descrambler and decompressor to be able to do. And those are available only as x86 binaries as part of the installer.

  • by yerricde ( 125198 ) on Wednesday April 18, 2001 @06:48AM (#283001) Homepage Journal

    2. Use a different IM, like Jabber and leave your friends behind. Unfortunatly IMing yourself isn't very fun, and this turns out to be like option 1.

    4. Use a different IM, like Jabber and bring your friends along. Send your buddies messages using SMTP (email, duh) that they should run Jabber alongside AIM (from now on, they'll need exactly two realtime messaging clients: Jabber and AIM), that you will be running Jabber, that your JID is foo@jabber.com, and that Jabber clients for a variety of platforms are available here (give a URI).

    5. Or just use email.

  • A corporation that does not maximize profit because of moral qualms can be sued by their shareholders.

    Two points: 1) A corporation can't be sued by it's shareholders due to breach of fiduciary responsibility, the CEO, or President, or whoever made the decision would be sued. 2) As long as the company publicizes their moral behavior, it is reasonably in the best interests of the company. A CEO can rationalize that moral behavior leads to goodwill which increases the companies profits. This would be perfectly accepted in a court of law.

    The proper response to what AOL is doing is to stop using their stupid server. When your non-technical friends ask you why, tell them, then teach them how to switch to a service with an open protocol, such as MSN Messenger. Have them call up AOL and complain. Then buy lots of shares of AOL and vote your shares against the current management who makes such stupid decisions. (Disclaimer: I own lots of shares of AOL, and vote every one against the current management who makes such stupid decisions.)

    As for the morality of the situation, I don't believe that breaking copyright law is immoral. So if there's a way to get around copyright law in a legal fashion, I say go for it. If AOL wants to make money off every person who uses Oscar, let them charge for it. Otherwise, they should chalk it up as a loss of a few million to goodwill. AOL made almost 2 billion dollars in profit in the last 12 months. I can't imagine opening up Oscar as affecting their bottom line very much. My own personal belief is that it would increase it.

  • Why is it that this is the first time anyone has mentioned TOC in this story? Why has it not been modded up? It shouldn't be that hard to reverse-engineer one of their Java clients and make the result not suck like the Java clients do. I know that TOC isn't as fully featured as OSCAR, but that's what IRC and ICQ are for anyway.
  • It's amazing how many technically literate people have a poor understanding of large numbers. The article proposes distributed caching of checksums generated by genuine AOL clients. They then (implicitly) apply the argument, "it's distributed, so it will scale as far as we'd like it to".

    Suppose that aim.exe is one megabyte in size. Then the number of ranges you could be asked to checksum is around 10^6 * 10^6 = 10^12 (note to nitpickers: this is an order-of-magnitude calculation). This means that if 1000 "legitimate" logons are cached every second, it would take years for the cache to warm.

  • Freenet is cool, but it's very, very slow. And I really don't think the people running it would like to have their servers flooded with terabytes upon terabytes of data so that people can use AIM.

    having a 'cache of valid Reponses' is a totally ludicrous solution.

    Just have a copy of the valid file around, and use that. You could even automaticaly set up jabber to download new versions from AOLs servers.

    Rate me on Picture-rate.com [picture-rate.com]
  • The alleged scheme might work and might be legal. But is is a huge waste of the limited resource of open source community to implement it now.

    As The article suggested, using the path of aim.exe is of dubious legality. However, using the proposed scheme is also of dubious legality. That does not mean that either is illegal. It only means that we will never know their legal status until a court challenge is resolved. So why try the more difficult path first?

    I suggest the jabber developers start by using the easier method. It might help to consult a lawyer first. It might help to publish the patch in a country that is less hostile to the public good than the US. It might help if several patches are written independently in several jurisdictions. Then let AOL sue. Then let the suit unwind itself through all legal levels and appeals. All the while the patches are easily found on the internet. Then, if, and it is a great if, jabber looses in all jurisdictions, start developing the more difficult procedure suggested in the article.

    Programmers are suppose to be lazy. And this is a good time for acting on that principle. With lack, the more difficult strategy will become moot, because...

    • they won't sue
    • they will lose
    • the legal landscape will change
    • the technical landscape will change

    IANAL

  • And immoral behavior is not acceptable because the victim is a corporation.

    actually, it is. Coporations are legally bound to treat me and you in the most profitable way that is still legal, without regard to morality. A corporation that does not maximize profit because of moral qualms can be sued by their shareholders. The most basic thing about morality is reciprocity. Why shouldn't individuals treat corporation in the same ammoral but legal fashion? Corporations are legal creatures one of whose purpose is to release their shareholders from moral ( and legal ) responsability. Why would I have problems then with anyone using the law to royally screw a corporation.

  • As long as the company publicizes their moral behavior, it is reasonably in the best interests of the company.

    As you have just admitted, moral judgement in corporate behavior is subordinated to interest. That is a big difference. I expect my fellow humans to engage in moral behavior towards me even if that harms their own interest. Whether they ( and I) live up to it or not is another matter, but this is my expectation. I don't have such expectations from corporations and therefore I don't feel morally obliged by them.

    Thus, whatever people do to AOL, if it has a reasonable chance of surviving legal challenge, is totally KOSHER.

    I hope you turn a profit on AOL shares, and I appreciate your voting against management. But this changes nothing. See, if AOL makes money by doing something immoral, you will enjoy the profit, but you won't feel personally responsible ( after all, you can always say, you were against it). That is good enough reason why my obligation to behave morally towards you does not extend to the company you own.

  • So, wouldn't the checksum server be essentially redistributing the binary?

    In a sense, yes. However, I think they rejected "give a checksum to the client" as being illegal back in the original article. The method they focus on involves only sending checksums from the proxy to AOL, utilizing a previously cache response from a legitimate client.

  • Oh,
    They don't just request checksums of aim.exe, they're currently requesting checksums of part of proto.ocm, and can probably request any file in the aim distribution they like. (the extension isn't actually sent, tcpdump shows "proto*" and the offset/length coming from the server during the request for an md5sum).
    so it's _considerably_ much worse than your calculations.
  • how much more difficult would it be to develop a new open messaging standard? Instead of trying to pry open a standard which while easily picked apart, keeps getting the door slammed on the workarounds?
    I thought the article answered that -- those of us who have to make a living sometimes have to talk to AOL customers, and most of them aren't capable of installing a third-party messaging program on top of that mess AOL makes of IE5.
  • The typical brain-dead AOL'er usually accepts what they've been given, ala - AOL IM. That's why I use it, because everyone else does. It's definitely not the nicest one out there, but it is the most pervasive, just like the equally annoying M$ Windows. So I think there is a good reason to have people developing more powerful clients for the AOL IM network than accepting the default standard.
  • AOL users are some of the most hated and technologically incompetent persons on the Internet. I'd think that REAL Linux users would want to do everything in their power to AVOID coming in contact with AOLers. It seems to me that a Linux port of AIM is unnecessary, and bordering upon being disgraceful to those of us who value the intellectual high grounds of the Internet. So I ask of you, why bother? Who needs to talk to AOLers anyway?
  • by dhamsaic ( 410174 ) on Wednesday April 18, 2001 @06:10AM (#283046)
    They have made every effort to have a compatible client available for you. -- Not really. The AIM *beta* for Linux is hardly functional. File transfer is not supported. Until recently, you couldn't change away messages. The beta hasn't been updated since December. It's usability is severely limited. As for the Java client, the same problems plague that, add Java's extreme resource requirements and you have a client that's not very useful on a number of not-so-out-of-date machines. Enter Gaim [marko.net], my client of choice. It offers the TOC protocol as well as Oscar, and since I use TOC now, I'm on firm ground. But I used to use Oscar. Why? Because the TOC protocol is severely limited as well. There's no away message checking. File transfer is a hack job. AOL *could* change this, but they haven't. So please don't say that they've made every effort - they certainly have not.

    Add to that the fact that they're seemingly unwilling to have any talks about this, any negotiations about a new protocol, and your above referenced argument looks absurd.

    What it boils down to is that it's in AOL's best interest to support alternative operating systems, at the very least, by allowing us Linux and BeOS users to connect. If you're on Windows or Mac, use that client. I'll stick to Gaim. And increase the AIM userbase, so AOL can tell their advertisers "We have 30 zillion users." - I'm a part of that if I can connect. If I can't, I'm not.

"I say we take off; nuke the site from orbit. It's the only way to be sure." - Corporal Hicks, in "Aliens"

Working...